fix(enterprise): ensure scim usernames are validated (#7925)

2025-07-06 15:41:45 +00:00 · 2023-06-08 17:59:49 -05:00
parent a4cc883be1
commit 30a635aa5f
3 changed files with 53 additions and 4 deletions
--- a/enterprise/coderd/scim_test.go
+++ b/enterprise/coderd/scim_test.go
@ -128,6 +128,39 @@ func TestScim(t *testing.T) {
 			assert.Equal(t, sUser.Emails[0].Value, userRes.Users[0].Email)
 			assert.Equal(t, sUser.UserName, userRes.Users[0].Username)
 		})
+
+		t.Run("DomainStrips", func(t *testing.T) {
+			t.Parallel()
+
+			ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+			defer cancel()
+
+			scimAPIKey := []byte("hi")
+			client := coderdenttest.New(t, &coderdenttest.Options{SCIMAPIKey: scimAPIKey})
+			_ = coderdtest.CreateFirstUser(t, client)
+			coderdenttest.AddLicense(t, client, coderdenttest.LicenseOptions{
+				AccountID: "coolin",
+				Features: license.Features{
+					codersdk.FeatureSCIM: 1,
+				},
+			})
+
+			sUser := makeScimUser(t)
+			sUser.UserName = sUser.UserName + "@coder.com"
+			res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey))
+			require.NoError(t, err)
+			defer res.Body.Close()
+			assert.Equal(t, http.StatusOK, res.StatusCode)
+
+			userRes, err := client.Users(ctx, codersdk.UsersRequest{Search: sUser.Emails[0].Value})
+			require.NoError(t, err)
+			require.Len(t, userRes.Users, 1)
+
+			assert.Equal(t, sUser.Emails[0].Value, userRes.Users[0].Email)
+			// Username should be the same as the given name. They all use the
+			// same string before we modified it above.
+			assert.Equal(t, sUser.Name.GivenName, userRes.Users[0].Username)
+		})
 	})

 	t.Run("patchUser", func(t *testing.T) {